[tor-onions] Debugging an ubuntu / apache2 / tor / ssl setup
Adam Jensen
hanzer at riseup.net
Sat Oct 13 23:27:13 UTC 2018
On 10/13/2018 06:08 PM, Peter Brooks wrote:
> Tor encrypts everything in transit, but not between you and the
> first server, and not between the last server and the target machine.
I haven't studied Tor in a serious way but my impression is that in a
simple scenario where a client is using the Tor Browser to connect to a
Tor Hidden Service, that connection is both private and secret - a third
party can not access it or know that it happened. Where this isn't the
case (again, just my impression) is when a plain browser is used to
access a Tor Hidden Service via something like Tor2web[1], or the Tor
Browser is used to access a typical clearnet web service. In both of
these cases, there is a clearnet hop in the communication chain.
[1]: https://en.wikipedia.org/wiki/Tor2web
I guess if the goal is to provide privacy for those who access a Hidden
Service via something like Tor2web, then making the SSL capability
available probably makes some sense. I didn't really consider that
scenario. I guess a self-signed SSL certificate would be necessary and
those accessing the HTTPS Hidden Service would need to accept that
certificate.
Hmm... Does this all seem correct and reasonable?
More information about the tor-onions
mailing list